{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T00:28:43.020","vulnerabilities":[{"cve":{"id":"CVE-2025-11375","sourceIdentifier":"security@hashicorp.com","published":"2025-10-28T21:15:37.470","lastModified":"2025-12-22T15:55:08.583","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Consul and Consul Enterprise’s (“Consul”) event endpoint is vulnerable to denial of service (DoS) due to lack of maximum value on the Content Length header. This vulnerability, CVE-2025-11375, is fixed in Consul Community Edition 1.22.0 and Consul Enterprise 1.22.0, 1.21.6, 1.20.8 and 1.18.12."}],"metrics":{"cvssMetricV31":[{"source":"security@hashicorp.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@hashicorp.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"1.18.12","matchCriteriaId":"DE3AEC9A-D84F-4B7C-9B03-D3B8CE2CD319"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:*","versionEndExcluding":"1.22.0","matchCriteriaId":"BD19A817-7366-4C2E-ADF9-35DC889EFE58"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.19.0","versionEndExcluding":"1.20.8","matchCriteriaId":"596686CD-4DE0-4C9A-83CC-F07B0D2014DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*","versionStartIncluding":"1.21.0","versionEndExcluding":"1.21.6","matchCriteriaId":"8B688D66-7E0A-4969-9187-D5374EDF68B9"}]}]}],"references":[{"url":"https://discuss.hashicorp.com/t/hcsec-2025-28-consuls-event-endpoint-is-vulnerable-to-denial-of-service/76723","source":"security@hashicorp.com","tags":["Vendor Advisory"]}]}}]}